Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package transactional-update for openSUSE:Factory checked in at 2022-05-18 13:12:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transactional-update (Old) and /work/SRC/openSUSE:Factory/.transactional-update.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transactional-update" Wed May 18 13:12:47 2022 rev:87 rq:977663 version:4.0.0~rc4 Changes: -------- --- /work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes 2022-05-12 22:57:56.280601663 +0200 +++ /work/SRC/openSUSE:Factory/.transactional-update.new.1538/transactional-update.changes 2022-05-18 13:12:53.738647080 +0200 @@ -1,0 +2,11 @@ +Tue May 17 07:59:57 UTC 2022 - Ignaz Forster <ifors...@suse.com> + +- Version 4.0.0~rc4 + - Fix building with GCC 12 + - Fix stack overflow with very long commands / ids [bsc#1196149] + - Use separate mount namespace for chroot, allowing overwriting + the bind mounts from the update environment - this could have + lead to data loss of the bind mount previously + - Fix C error and exception handling for snapshots + +------------------------------------------------------------------- Old: ---- transactional-update-4.0.0~rc3.tar.gz New: ---- transactional-update-4.0.0~rc4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transactional-update.spec ++++++ --- /var/tmp/diff_new_pack.dC0qg8/_old 2022-05-18 13:12:54.198647485 +0200 +++ /var/tmp/diff_new_pack.dC0qg8/_new 2022-05-18 13:12:54.198647485 +0200 
@@ -26,14 +26,14 @@ %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} Name: transactional-update -Version: 4.0.0~rc3 +Version: 4.0.0~rc4 Release: 0 Summary: Transactional Updates with btrfs and snapshots License: GPL-2.0-or-later AND LGPL-2.1-or-later Group: System/Base URL: https://github.com/openSUSE/transactional-update #Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz -Source0: transactional-update-4.0.0~rc3.tar.gz +Source0: transactional-update-4.0.0~rc4.tar.gz Source1: transactional-update.check BuildRequires: autoconf ++++++ transactional-update-4.0.0~rc3.tar.gz -> transactional-update-4.0.0~rc4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/NEWS new/transactional-update-4.0.0~rc4/NEWS --- old/transactional-update-4.0.0~rc3/NEWS 2022-05-03 12:42:30.000000000 +0200 +++ new/transactional-update-4.0.0~rc4/NEWS 2022-05-17 09:50:33.000000000 +0200 @@ -2,6 +2,14 @@ Copyright (C) 2016-2021 Thorsten Kukuk, Ignaz Forster et al. +Version 4.0.0~rc4 +* Fix building with GCC 12 +* Fix stack overflow with very long commands / ids [bsc#1196149] +* Use separate mount namespace for chroot, allowing overwriting the bind + mounts from the update environment - this could have lead to data loss + of the bind mount previously +* Fix C error and exception handling for snapshots + Version 4.0.0~rc3 * Add Snapshot interface * Reworked signal handling: All public signals are sent from the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/configure new/transactional-update-4.0.0~rc4/configure --- old/transactional-update-4.0.0~rc3/configure 2022-05-03 12:42:58.000000000 +0200 +++ new/transactional-update-4.0.0~rc4/configure 2022-05-17 09:53:37.000000000 +0200 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for transactional-update 4.0.0~rc3. +# Generated by GNU Autoconf 2.71 for transactional-update 4.0.0~rc4. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -618,8 +618,8 @@ # Identity of this package. PACKAGE_NAME='transactional-update' PACKAGE_TARNAME='transactional-update' -PACKAGE_VERSION='4.0.0~rc3' -PACKAGE_STRING='transactional-update 4.0.0~rc3' +PACKAGE_VERSION='4.0.0~rc4' +PACKAGE_STRING='transactional-update 4.0.0~rc4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1425,7 +1425,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures transactional-update 4.0.0~rc3 to adapt to many kinds of systems. +\`configure' configures transactional-update 4.0.0~rc4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1498,7 +1498,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of transactional-update 4.0.0~rc3:";; + short | recursive ) echo "Configuration of transactional-update 4.0.0~rc4:";; esac cat <<\_ACEOF @@ -1646,7 +1646,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -transactional-update configure 4.0.0~rc3 +transactional-update configure 4.0.0~rc4 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2026,7 +2026,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by transactional-update $as_me 4.0.0~rc3, which was +It was created by transactional-update $as_me 4.0.0~rc4, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw 
@@ -3633,7 +3633,7 @@ # Define the identity of the package. PACKAGE='transactional-update' - VERSION='4.0.0~rc3' + VERSION='4.0.0~rc4' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -22154,7 +22154,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by transactional-update $as_me 4.0.0~rc3, which was +This file was extended by transactional-update $as_me 4.0.0~rc4, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22213,7 +22213,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -transactional-update config.status 4.0.0~rc3 +transactional-update config.status 4.0.0~rc4 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/configure.ac new/transactional-update-4.0.0~rc4/configure.ac --- old/transactional-update-4.0.0~rc3/configure.ac 2022-05-03 12:42:30.000000000 +0200 +++ new/transactional-update-4.0.0~rc4/configure.ac 2022-05-17 09:52:31.000000000 +0200 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(transactional-update, 4.0.0~rc3) +AC_INIT(transactional-update, 4.0.0~rc4) # Increase on any interface change and reset revision LIBTOOL_CURRENT=4 # Increase or reset on any VERSION update diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/dbus/tukitd.c new/transactional-update-4.0.0~rc4/dbus/tukitd.c --- old/transactional-update-4.0.0~rc3/dbus/tukitd.c 2022-05-03 12:42:30.000000000 +0200 +++ new/transactional-update-4.0.0~rc4/dbus/tukitd.c 2022-05-17 09:43:52.000000000 +0200 
@@ -140,13 +140,12 @@
 int ret = 0;
 int exec_ret = 0;
 wordexp_t p;
+ const char* transaction = NULL;
 struct execute_args* ea = (struct execute_args*)args;
 struct tukit_tx* tx = ea->transaction;
- char command[strlen(ea->command) + 1];
- strcpy(command, ea->command);
- char rebootmethod[strlen(ea->rebootmethod) + 1];
- strcpy(rebootmethod, ea->rebootmethod);
+ char *command = strdup(ea->command);
+ char *rebootmethod = strdup(ea->rebootmethod);
 enum transactionstates *state = ea->state;
@@ -157,7 +156,12 @@
 // avoid timeouts.
 sd_bus *bus = NULL;
- const char* transaction = tukit_tx_get_snapshot(tx);
+ if (command == NULL || rebootmethod == NULL) {
+ send_error_signal(bus, rebootmethod, "Error during strdup.", -ENOMEM);
+ goto finish_execute;
+ }
+
+ transaction = tukit_tx_get_snapshot(tx);
 if (tx == NULL) {
 send_error_signal(bus, transaction, tukit_get_errmsg(), -1);
 goto finish_execute;
@@ -210,6 +214,8 @@
 sd_bus_flush_close_unref(bus);
 tukit_free_tx(tx);
 free((void*)transaction);
+ free(command);
+ free(rebootmethod);
 return (void*)(intptr_t) ret;
 }
@@ -347,12 +353,11 @@
 int ret = 0;
 int exec_ret = 0;
 wordexp_t p;
+ struct tukit_tx* tx = NULL;
 struct call_args* ea = (struct call_args*)args;
- char transaction[strlen(ea->transaction) + 1];
- strcpy(transaction, ea->transaction);
- char command[strlen(ea->command) + 1];
- strcpy(command, ea->command);
+ char *transaction = strdup(ea->transaction);
+ char *command = strdup(ea->command);
 int chrooted = ea->chrooted;
 enum transactionstates *state = ea->state;
@@ -365,7 +370,12 @@
 // avoid timeouts.
 sd_bus *bus = NULL;
- struct tukit_tx* tx = tukit_new_tx();
+ if (command == NULL || transaction == NULL) {
+ send_error_signal(bus, transaction, "Error during strdup.", -ENOMEM);
+ goto finish_execute;
+ }
+
+ tx = tukit_new_tx();
 if (tx == NULL) {
 send_error_signal(bus, transaction, tukit_get_errmsg(), -1);
 goto finish_execute;
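Review bot: On the strdup failure path added at -157 (`if (command == NULL || rebootmethod == NULL)`), `send_error_signal` receives `rebootmethod` where the other call visible in the hunk passes the snapshot id, and that pointer is NULL whenever it was the `rebootmethod` allocation that failed; the matching check in the hunk at -365 likewise passes a possibly NULL `transaction`. Unless `send_error_signal` is known to accept NULL in that position (its body is not in the diff), pass a fixed string instead, for example `send_error_signal(bus, "", "Error during strdup.", -ENOMEM);`. Separately, `transaction = tukit_tx_get_snapshot(tx);` still runs before the `if (tx == NULL)` test, so a NULL `tx` reaches the getter first; moving the test above the call would close that. Both functions start and end outside these hunks.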
@@ -412,6 +422,8 @@
 finish_execute:
 sd_bus_flush_close_unref(bus);
 tukit_free_tx(tx);
+ free(transaction);
+ free(command);
 return (void*)(intptr_t) ret;
 }
@@ -573,6 +585,9 @@
 char *columns;
 size_t list_len = 0;
 int columnnum = 1;
+ int ret = 0;
+ struct tukit_sm_list* list = NULL;
+ sd_bus_message *message = NULL;
 if (sd_bus_message_read(m, "s", &columns) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Could not read D-Bus parameters.");
@@ -582,44 +597,49 @@
 for (int i=0; i < INT_MAX && columns[i]; i++)
 columnnum += (columns[i] == ',');
- struct tukit_sm_list* list = tukit_sm_get_list(&list_len, columns);
+ if ((list = tukit_sm_get_list(&list_len, columns)) == NULL) {
+ sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", tukit_get_errmsg());
+ ret = -1;
+ goto finish_snapshotlist;
+ }
- sd_bus_message *message = NULL;
- if (sd_bus_message_new_method_return(m, &message) < 0) {
+ if ((ret = sd_bus_message_new_method_return(m, &message)) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Creating new return method failed.");
- return -1;
+ goto finish_snapshotlist;
 }
- if (sd_bus_message_open_container(message, SD_BUS_TYPE_ARRAY, "as") < 0 ) {
+ if ((ret = sd_bus_message_open_container(message, SD_BUS_TYPE_ARRAY, "as")) < 0 ) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Creating container (array of snapshots) failed.");
- return -1;
+ goto finish_snapshotlist;
 }
 for (int i=0; i < list_len; i++) {
- if (sd_bus_message_open_container(message, SD_BUS_TYPE_ARRAY, "s") < 0 ) {
+ if ((ret = sd_bus_message_open_container(message, SD_BUS_TYPE_ARRAY, "s")) < 0 ) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Creating container (array of snapshot data) failed.");
- return -1;
+ goto finish_snapshotlist;
 }
 for (int j=0; j < columnnum; j++) {
- if (sd_bus_message_append(message, "s", tukit_sm_get_list_value(list, i, j)) < 0) {
+ if ((ret = sd_bus_message_append(message, "s", tukit_sm_get_list_value(list, i, j))) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Couldn't append to message (container).");
- return -1;
+ goto finish_snapshotlist;
 }
 }
- if (sd_bus_message_close_container(message) < 0) {
+ if ((ret = sd_bus_message_close_container(message)) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Closing container (array of snapshot data) failed.");
- return -1;
+ goto finish_snapshotlist;
 }
 }
- if (sd_bus_message_close_container(message) < 0) {
+ if ((ret = sd_bus_message_close_container(message)) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Closing container (array of snapshot data) failed.");
- return -1;
+ goto finish_snapshotlist;
 }
- if (sd_bus_send(sd_bus_message_get_bus(message), message, NULL) < 0) {
+ if ((ret = sd_bus_send(sd_bus_message_get_bus(message), message, NULL)) < 0) {
 sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Sending message failed.");
- return -1;
+ goto finish_snapshotlist;
 }
+
+finish_snapshotlist:
 sd_bus_message_unref(message);
 tukit_free_sm_list(list);
- return 0;
+ return ret;
 }
 int event_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/lib/Bindings/CBindings.cpp new/transactional-update-4.0.0~rc4/lib/Bindings/CBindings.cpp
--- old/transactional-update-4.0.0~rc3/lib/Bindings/CBindings.cpp 2022-05-03 12:42:30.000000000 +0200
+++ new/transactional-update-4.0.0~rc4/lib/Bindings/CBindings.cpp 2022-05-17 09:43:52.000000000 +0200
@@ -11,6 +11,7 @@
 #include <exception>
 #include <thread>
 #include <string.h>
+#include <vector>
 using namespace TransactionalUpdate;
 thread_local std::string errmsg;
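Review bot: In the new `tukit_sm_get_list` failure branch of the hunk at -582, `sd_bus_error_set_const` is given `tukit_get_errmsg()`, but that function keeps the pointers it is handed without copying them and expects them to stay valid for the lifetime of the error. The message appears to come from the thread-local `errmsg` string in CBindings.cpp, so a later libtukit call on the same thread could overwrite or free it; `sd_bus_error_set(ret_error, "org.opensuse.tukit.Error", tukit_get_errmsg());` copies the text instead. The same branch jumps to `finish_snapshotlist` with `list == NULL`, so `tukit_free_sm_list` has to accept NULL, which is not visible in this diff.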
@@ -163,7 +164,14 @@
 tukit_sm_list tukit_sm_get_list(size_t* len, const char* columns) {
 std::unique_ptr<TransactionalUpdate::SnapshotManager> snapshotMgr = TransactionalUpdate::SnapshotFactory::get();
- auto list = snapshotMgr->getList(columns);
+ std::deque<std::map<std::string,std::string>> list;
+ try {
+ list = snapshotMgr->getList(columns);
+ } catch (const std::exception &e) {
+ fprintf(stderr, "ERROR: %s\n", e.what());
+ errmsg = e.what();
+ return nullptr;
+ }
 *len = list.size();
 std::string cols(columns);
 const size_t numColumns = std::count(cols.begin(), cols.end(), ',') + 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.0.0~rc3/lib/Transaction.cpp new/transactional-update-4.0.0~rc4/lib/Transaction.cpp
--- old/transactional-update-4.0.0~rc3/lib/Transaction.cpp 2022-05-03 12:42:30.000000000 +0200
+++ new/transactional-update-4.0.0~rc4/lib/Transaction.cpp 2022-05-17 09:43:52.000000000 +0200
@@ -26,6 +26,7 @@
 #include <sched.h>
 #include <signal.h>
 #include <sys/inotify.h>
+#include <sys/mount.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <utime.h>
@@ -38,7 +39,7 @@
 class Transaction::impl {
 public:
 void addSupplements();
- void mount();
+ void snapMount();
 int runCommand(char* argv[], bool inChroot, std::string* buffer);
 static int inotifyAdd(const char *pathname, const struct stat *sbuf, int type, struct FTW *ftwb);
 int inotifyRead();
@@ -87,7 +88,7 @@
 return pImpl->snapshot->getRoot();
 }
-void Transaction::impl::mount() {
+void Transaction::impl::snapMount() {
 if (unshare(CLONE_NEWNS) < 0) {
 throw std::runtime_error{"Creating new mount namespace failed: " + std::string(strerror(errno))};
 }
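Review bot: Only `getList(columns)` sits inside the new try block in `tukit_sm_get_list`; `SnapshotFactory::get()` on the line above and the `std::string cols(columns)` processing below can still throw, and an exception leaving this function would propagate into the C caller in tukitd.c. If those calls can throw (their definitions are not in the diff), open the try before the factory call: `try { auto snapshotMgr = TransactionalUpdate::SnapshotFactory::get(); list = snapshotMgr->getList(columns); }`. The new declaration uses `std::deque` and `std::map` while the include added to this file is `<vector>`, so check that `<deque>` and `<map>` are included directly rather than transitively. The function body continues past the end of the hunk.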
@@ -228,7 +229,7 @@
 fs::copy(fs::path{getRoot() / "etc" / "fstab"}, overlay.upperdir, fs::copy_options::overwrite_existing);
 }
- pImpl->mount();
+ pImpl->snapMount();
 pImpl->addSupplements();
 if (pImpl->discardIfNoChange) {
 // Flag file to indicate this snapshot was initialized with discard flag
@@ -242,7 +243,7 @@
 pImpl->snapshot.reset();
 throw std::invalid_argument{"Snapshot " + id + " is not an open transaction."};
 }
- pImpl->mount();
+ pImpl->snapMount();
 pImpl->addSupplements();
 if (fs::exists(getRoot() / "discardIfNoChange")) {
 pImpl->discardIfNoChange = true;
@@ -331,6 +332,13 @@
 if (chroot(snapshot->getRoot().c_str()) < 0) {
 throw std::runtime_error{"Chrooting to " + std::string(snapshot->getRoot()) + " failed: " + std::string(strerror(errno))};
 }
+ // Prevent mounts from within the chroot environment influence the tukit organized mounts
+ if (unshare(CLONE_NEWNS) < 0) {
+ throw std::runtime_error{"Creating new mount namespace failed: " + std::string(strerror(errno))};
+ }
+ if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) < 0) {
+ throw std::runtime_error{"Setting private mount for command execution failed: " + std::string(strerror(errno))};
+ }
 }
 // Set indicator for RPM pre/post sections to detect whether we run in a
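Review bot: The comment added before `unshare(CLONE_NEWNS)` in the hunk at -331 is ungrammatical and leaves out the limits of this step: it stops mount and umount calls made by the chrooted command from propagating to the mounts tukit prepared, but a chroot plus a mount namespace does not confine a privileged process. Suggested wording: `// Give the command its own mount namespace with private propagation so that (u)mounts inside the chroot cannot affect the mounts tukit set up; this is not a sandbox.` In this C++ file `nullptr` would fit the two `NULL` arguments of `mount()` better. Whether the working directory is reset after `chroot()` cannot be seen here, because the enclosing function starts and ends outside the hunk.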